Ohio University

Search within:

Types of Phishing Messages

Phishing is a type of social engineering attack that is often used to steal user information like login credentials and credit card numbers. Bad actors send fraudulent emails out to hundreds of people, hoping a few will click on the attached links, documents, or pictures, with the goal of getting the recipients to willingly provide valuable private information.

Phishing has evolved significantly over the past few years. Bad actors have developed a variety of methods to trick individuals into providing them valuable information.

Types of Phishing Messages

  • Email impersonation or spoofing is a forgery of a message so it appears to have originated from a legitimate sender. This is a popular tactic by attackers as the recipient is more likely to open a message from a familiar source. These attacks often turn into gift card scams, where the attacker influences the individual to buy gift cards.
  • Part-Time Job Scams often target college students or alumni who may be searching for job opportunities. These scams are fake job offers that are usually too good to be true, offering high wages for little work. Be wary of any unsolicited emails with this characteristic, especially ones that send a check prior to you beginning any work. The scammer often will request you to wire a portion of the check back to them, and you will lose that amount of money.
  • Emails tagged as malware have been identified to contain a link or an attachment that directs your machine to install malicious software. Generally, malicious software can delete or steal personal information, slow down your computer, encrypt your files and hold them for ransom, or display unwanted advertisements.
  • Extortion email messages threaten the recipient and demand a payment, often in the form of a cryptocurrency like Bitcoin. A popular extortion category is known as sextortion, where the attacker will claim they have malware installed on your computer that captured embarrassing photos of you. Attackers may also leverage previously breached credentials for services tied to your email address to provide a level of authenticity to their message.
  • Vishing is a type of social engineering attempt that takes place over the phone. A random number or spoofed phone number calls and a bad actor attempts to collect valuable personal information by claiming they are a debt collector or other type of customer service representative.